Apple's Walled Garden: Sledgehammer Needed

Friday's revelation of an iOS app with a "hidden" tethering capability shows that walled garden restrictions don't necessarily keep us safer. They do create a monopoly and planned obsolescence. It's time to break down those walls.

Apple's highly restricted app store is a blade that cuts two ways. Fans of the high tech gear buy into a secure "walled garden," where they have the perception that malware will never infest their iPhones, unlike those "riskier" Android devices. Friday's news of an App Store tethering app hidden inside a random number generator app proved for the umpteenth time it is possible to sneak one past Apple. Other apps with trojans, I mean, hidden features have made it past Apple in the past. (But, what is "trojan" other than "hidden?") How long will it be until the hidden feature really is malicious? Is Apple's vaunted walled garden nothing more than an illusion?

Security is never an "on/off" concept. We all know that it's about due diligence, and that there are tradeoffs between convenience and security. In Apple's case, we must surmise that if the App Store really did significant code review prior to posting, it might introduce unacceptable delay to App Store postings. Fair enough, and Apple does deserve a tip of the hat when it comes to its track record of iOS malware versus its biggest competitor, the Google Android platform. But, with Google introducing its new "Bouncer" service, which automates the search for suspicious behavior in apps, I think that Apple's central premise, that is, that Apple requires massive control over what features are in apps, will come under fire.

If app developers can sneak one past Apple, it would appear that one of Apple's central arguments--that their Draconian app practices are required to provide security--is flawed. Sure, Apple has now taken down the iRandomizer app (following the publicity), but the fact that the app made it in there shows that the walled garden has lots of holes in it.

By the way, we contacted the iRandomizer app's creator and asked whether Apple took action other than pulling the app. "No comment on that," wrote Nick Kramer in an email. "I designed the feature for family and friends, I should have pulled the app when it was discovered. Apple did what they had to do. Hopefully, in the near future Apple will begin allowing tethering apps into the U.S. App Store. If they did, the number of developers putting hidden features into their apps and users who jailbreak their iPhones would drop tremendously," said Kramer.

I will admit, I've never been a huge fan of Apple's walled garden. I love the fact that Apple, not the carriers, is the provider of the apps on the phone. This reduces "app crap". But the walled garden itself? Apple's strong arm on virtual machines, which rule out Flash and emulators? Totally unnecessary.

Fans of the Apple platform, including myself, have said that, in the field, iOS-based mobile devices tend to have fewer support calls associated with them than the equivalent Android platforms. But I'm not so sure that the walled garden can take credit for this. I think it's more of the classic Apple control-over-the-hardware and control-over-the-OS that can take credit for that. Safer? Mostly, but not "totally safe."

And, in terms of functionality, a jailbroken phone can be MORE functional than a non-jailbroken phone. Case in point: As an iPhone user, I'd love to save off some of my voicemails as files. If I had a jailbroken phone, I could save HOURS of voicemails off in about 30 seconds. Because I have not jailbroken my phone, I would need to hook an audio plug up to my phone, then manually record those voicemails. If I wanted to permanently capture all of the meaningful messages that I've received over the years, it would be a significant expenditure of time.

Innovation sometimes requires going outside the vision of what the platform designer intended. Witness the Air Force supercomputer built out of PS3 game consoles, a vision far beyond that which Sony had in mind.

So, while I think that CIOs have a stake in the game when it comes to security, I am not at all sure that the massive one-sided restrictions on platform use that come along with the walled garden are a plus for enterprise IT. And again, it is becoming clear that the walled garden doesn't necessarily offer apps that are completely vetted, so that so-called value proposition flies out the window.

But the question of whether the walled garden is a good thing may be out of the hands of CIOs soon; the question is now, should our system of government support mandatory walled gardens by making it illegal to jailbreak from that walled garden? Because of the Digital Millennium Copyright Act, it didn't use to be legal to jailbreak an iPhone. Then, copyright officials made an exemption to the DMCA to allow jailbreaking of phones. This exemption comes up for renewal soon, and the comment period expires next week.

Bunnie Huang, a jailbreaking champion, and Xbox hacker, says, in a letter to the Feds, "users of these products benefit from the flexibility to choose their own operating systems and run independently developed software. We need the law to catch up with how people are using technology. Jailbreaking is helping to make technology better, more secure, and more flexible." Most jailbreakers and jailbreaking researchers like the Dev-Team act responsibly. In fact, they take pains to let users know how to patch existing vulnerabilities in iOS that Apple may not have patched yet.

I am well aware of the risks that come along with jailbreaking. I don't have a jailbroken iPhone. But, as a matter of pragmatics, I have seen many IT problems over the years solved via custom code and/or the use of a device in a way that the original manufacturer did not intend. I am also significantly concerned about HOW the walled garden is being used. Specifically, it appears that the walled garden is going to be used for planned obsolescence. That translates into cost for my organization. The walled garden means single supplier, which means monopoly. Legal jailbreaking means the breaking of the monopoly. It means an opening for third party suppliers.

Third party suppliers are healthy for competition. If, for example, Rimini Street (a third party support provider for ERP) was breaking the law by maintaining ERP systems, you can bet your bottom dollar that ERP maintenance would go up, up, up.

So, on this one, I'm actually with the jailbreakers. Apple had its chance to show us that they could have a 100% capture rate on undesirable or forbidden apps. Apple failed. And, to be fair, anybody would fail, because it's just not possible to have 100% security. But this also means that it's just unacceptable to trade flexibility and/or to sustain a monopoly to continue the illusion of 100% security--in that innovation-free box canyon that they call a walled garden.

Jonathan Feldman is a contributing editor for InformationWeek and director of IT services for a rapidly growing city in North Carolina. Write to him at jf@feldman.org or at @_jfeldman.

Good article and I agree with most of it. However, I don't think Apple will even loosen the reins it holds over iOS. Most of what Apple does is very walled off and that, too, will likely never change. In fact, I believe that their rigidity in this regard will ultimately be their downfall. Sure, that won't happen today or tomorrow but, sooner or later consumers will decide to buy more functional and open products at lower prices.

As a platform agnostic, I agree with some of your points, but take exception to one. What's all this talk of Apple's record of intentional "obsolescence"? I have a Mac IIfx and a G3 gathering dust. Are they 'obsolete'? Yes. Is OS9, or for that matter OS X "Puma" 'unsupported'? Yes. But the same could be said for my Packard-Bell PC running WinME. Apple is no more or less prone to obsolescence than any other. The world moves on, but there is no magic timebomb that blows up inside a chassis once the manufacturer declares it to be "unsupported". This kind of obsolescence is normal for any platform.

"Walled garden" arguments aside, the iOS platform is (at the moment) technically less prone to obsolescence than Android. Most Android phones go obsolete soon after release because the handset manufacturers and carriers are more intent on luring you to the next version of the Droid or Razr than they are at getting Gingerbread or ICS on your old model. In contrast, Apple still supports 2 generations back on the current iOS release (on 2 completely different form factors!). No manufacturer using Android can come anywhere close to making that claim.

Apple's walled garden has never been about security. Slightly better security is a welcome side effect but the author of this article is missing the point entirely. You need to study Steve Jobs and his values to understand why the walled garden exists. A closed system allows Apple to control the user experience to help ensure that the user experience is smoother and more pleasing to the end user. It also allows them greater control over the future direction and the ability to direct revenue into their bank account while blocking out competition. These reasons dominate the decision, and security would barely make it onto the pie chart of Apple's decision making data regarding the walled garden. For those of us who don't like the walled garden we can always identify flaws and important reasons why openness has benefits over it, but those many reasons that are well established in the popular media about this have very little to do with the cause and effect reasons why Apple has made this type of decision long ago. If Apple eventually starts to decline 50 years from now the anti-walled-garden folks will surely jump up and try to declare that they have been right all along. The walled garden has a lot of strengths for Apple and the cost incurred by alienating so many individuals who clearly hate it is not enough to outweigh the benefits to them. If that day ever comes it's quite easy for them to implement a more open set of policies but that day is so far in the future that we don't need to speculate about it any time soon.

Jonathan, you just don't get it. Variation is the enemy of quality. Apple's walled garden, which includes control over the hardware and software, limits variation and increases the quality (predictability) of the platform. This limitation of variation allows for developers to focus on writing applications and not debugging the platform or making an app run on multiple flavors of an operating system. I write this with confidence on a Mac which is also in its own walled garden. It's funny how you and others talk about the evils of monopoly but it is this monopoly (Apple) that gave us the type of phone that millions enjoy on the iPhone and the Android today. Before that, Blackberry had that monopoly and they lost.

It IS Apple's store, and I'm not saying that Apple should have to let others use THEIR app store under terms other than Apple's, but -- if someone wants to JB their phone and make use of Cydia and/or write their own code, absolutely, they should understand that they're voiding their warranty, but should it be illegal? No way. In reality, too many enterprises keep equipment past its "useful life" (can you say "SAVE MONEY?"), and it's essential to be able to mod and tweak, whether you're in manufacturing or healthcare or other businesses.

Wow, what an incredible and detailed comment! Agree with much of it. The one point that I'd make is that Google really needed to do something like Bouncer from the BEGINNING instead of letting it be a free-for-all. Don't you think? I mean, there's no "totally secure," but it seems like the Google Marketplace was a malware zone from the beginning, and an org like Google, with their resources, could have been a little bit quicker on the uptake. No?

I like the idea of multiple app stores! Particularly, I like the idea of an app store that allows for apps to be sold once the original equipment manufacturer has decided to seek greener pastures, because XYZ points of profitability are their minimum. BUT, the point is, you can't have multiple app stores without jailbreaking (on iOS). Jailbreaking should NOT be illegal!

There are some fundamental flaws and omissions within the comments on both sides, understanding first that the author is an Apple user.

First, what most people miss is the Android platform apps through most cellular service providers are vetted, and available for integration with the obligatory warnings about what each app accesses or disseminates in the way of resources and information. There's even a warning on most phones about utilizing third party apps outside of the "safe" resources.

Apple has tried to dominate all aspects of their devices for years, well before the Apple "Lisa" debacle, and their planned obsolescence of devices, OS and apps -- much to the chagrin and dismay of many a business owner. Imagine investing many thousands of dollars in a supposedly new and stable Apple computer integration, only to find the new hardware and OS are no longer supported, and even though you're still making payments on those Apple systems you need to throw them out and buy all new Apple systems, OS, apps, etc.

Not very good ROI for a business, especially when Apple decided around 1990 to undercut the K-12 market re-sellers their success was built upon -- offering Apple systems cheaper to end customers than the dedicated Apple re-sellers could buy them for. This effectively killed Apple's bought and paid for dominance in the K-12 market. But I digress.

Security on any platform or OS is simply an illusion, even with Apple. Why no more DVDs in iPads? Apple wants every consumer to buy all of their movies from Apple. After all, Apple even decided to dump their support for the company that pretty much made Apple an acceptable product, Adobe -- specifically their Flash product. You see, Adobe put its "eggs" into the Apple basket decades ago with its proprietary Spirascan algorithm, which made text characters appear with smoother edges, instead of the jagged edges common beforehand. This made Apple appear clearer and easier to read, albeit not possible without Adobe's support of Apple. Kind of interesting that without Adobe doing this, Apple might never have taken off, using only the GUI developed by Xerox's Palo Alto Research facility. Apple didn't develop that.

Has exclusive control over certain hardware or software been successful in the past by companies? Not really. Sony's marketing and licensing blunder with Beta, and selling to JVC the VHS format it also developed is one example. If nothing else, we have learned the pitfalls of monopolies, in too many instances to name.

Open architecture is what's worked best and has proven to be the way of the future, allowing many to "police" what's going on and offer improvements, because no manufacturer can ever plan on their hardware/software being used for purposes they themselves designate. That's exactly why hackers and sometimes innocent users can break down even the best firewalls and protections. We cannot plan for everything, and sometimes even the simplest instances create problems. Apple users still can be attacked with virus and malware content. I know. I've seen it, and been working on Apple systems since 1978.

I've consulted with schools and corporations who feel they have the best systems in place to stop unwanted intrusion, and every one of them can and will fail at some point. It's inevitable. No company can anticipate everything every person in the world might think up, in the way of unanticipated uses or intrusions. I've also seen every one of them fail, at some point. Even the websites for the CIA and FBI have been hacked, multiple times over the years, as have what are supposed to be the most secure systems in the world.

Apple has its problems, and there are really no functional features and benefits that can't be broken easily. Android has its problems, too, but is soundly beating Apple in market saturation. The new Samsung Galaxy is one product that beats Apple products, hands down, and there's nothing Apple has slated that even comes close (which is why they're trying to stop Samsung through court wranglings worldwide).

The issue is really very simple. Choose a smartphone platform that offers the features you prefer, with access to the apps you use, and understand that NO PLATFORM is completely safe... especially Apple. For every way they say they can protect users, there'll be 1,000 or more hackers that can and will prove them wrong at some point along the path.

For me, if I purchase something, I expect to be able to use it in the manner I choose, not how some manufacturer tells me -- with its limitations. I guess that's why I own an Android phone, and shall never own an iPhone product. I prefer to have something with more capabilities, greater range of adaptability, for a much lesser price, without the built-in obsolescence and limitations.
